Posted by riccardo krauter on Mar 19

1) Summary

Affected software: CMS Made Simple-2.2.15
Vendor URL: <>
Vulnerability: File upload bypass with .phar extension leads to RCE

2) Vulnerability Description

The vulnerability affects the `FilePicker` module,
it is possible to bypass the restriction and upload a malicious file with `.phar` extension to gain Remote Code
This vulnerability is remotely…

March 19th, 2021